Kong/insomnia

Kong/insomnia

Releases1.14K

Frequency3 days 4 hours

Last Release 2 days ago

Stars39.7K

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-1087 ↗	May 9, 2025Friday, 9 May 2025, 12:15	—	—
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
CVE-2023-40299 ↗	Oct 4, 2023Wednesday, 4 October 2023, 22:15	7.8 HIGH	—
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.